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1 . Basis of the report 

a. With regard to the language, the international search was carried out on the basis of the international application in the 
language in which it was filed, unless otherwise indicated under this item. 

I I toe international search was carried out on the basis of a translation of the international application furnished to this 
Authority (Rule 23.1 (b)). 

b. With regard to any nucleotide and/or amino acid sequence disclosed in the international application, the international search 
was carried out on the basis of the sequence listing : 

contained in the international application in written form, 
filed together with the international application in computer readable form, 
furnished subsequently to this Authority in written form, 
furnished subsequently to this Authority in computer readble form. 

the statement that the subsequently furnished written sequence listing does not go beyond the disclosure in the 
international application as filed has been furnished. 

the statement that the information recorded in computer readable form is identical to the written sequence listina has been 
furnished y 

Certain claims were found unsearchable {See Box I). 
Unity of invention is lacking (see Box II). 

4. With regard to the title, 

[X] the text is approved as submitted by the applicant. 

I | the text has been established by this Authority to read as follows: 



□ 
□ 
□ 
□ 
□ 

□ 



□ 
□ 



With regard to the abstract, 

PH the text is approved as submitted by the applicant. 

| | the text nas been established, according to Rule 38.2(b), by this Authority as it appears in Box III. The applicant may 
within one month from the date of mailing of this international search report, submit comments to this Authority. 

The figure of the drawings to be published with the abstract is Figure No. 2 

as suggested by the applicant. Q None of the figures. 

| | because the applicant failed to suggest a figure. 

I I because this figure better characterizes the invention. 
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II Priority 

III Q^j Non-establishment of opinion with regard to novelty, inventive step or industrial applicability 
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V I — I Reasoned statement under Rule 66.2(a)(ii) with regard to novelty, inventive step or industrial applicability; 
L^-l citations and explanations supporting such statement 

VI Qtj Certain documents cited 

VII J^J Certain defects in the international application 

VIII [^J Certain observations on the international application 
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WRITTEN OPINION 



International application No. 
PCT/US00/01021 



1. Basis of the opinion 



With 


regard to the elements of the international application: * 




□ 


the international application a 


s originally filed 




m 


the description: 








pages 


1-22 




, as oricinallv filed 




pages 


NONE 




, filed with the demand 




pages 


NONE 


filed with the letter of 


X 


the claims: 










paces 


23-27 




, as orieinallv filed 




pages 


NONE 


, as amended (together 


with any statement) under Article 19 




pages 


28 




, filed with the demand 




pases 


NONE 


7 filed with the letter of 




X 


the drawings: 










paees 


1-5 




, as oricinallv filed 




pages 


NONE 




. filed with the demand 




Daces 


NONE 


, filed with the letter of 




X 


the sequence listing part of the description: 






pages 


NONE 




, as originally filed 




pages 


NONE 




, filed with the demand 




paees 


NONE 


, filed with the letter of 





2. With regard to the language, all the elements marked above were available or furnished to this Authority in the language in which 
the international application was filed, unless otherwise indicated under this item. 

These elements were available or furnished to this Authority in the following language which is: 

| | the language of a translation furnished for the purposes of international search (under Rule 23.1(b)). 
| | the language of publication of the international application (under Rule 48.3(b)). 

[ [ the language of the translation furnished for the purposes of international preliminary examination (under Rules 55.2 and/ 
or 55.3). 

3. With regard to any nucleotide and/or amino acid sequence disclosed in the international application, the written opinion was 
drawn on the basis of the sequence listing: 

EZI contained in the international application in printed form. 

| | filed together with the international application in computer readable form. 

| | furnished subsequently to this Authority in written form. 

[ | furnished subsequently to this Authority in computer readable form. 

□ The statement that the subsequently furnished written sequence listing does not go beyond the disclosure in the 
international application as filed has been furnished. 

I I The statement that the information recorded in computer readable form is identical to the vvriten sequence listing has 
' — ' been furnished. 

4 [ x| The amendments have resulted in the cancellation of: 

~xl *^ NONE 



the description, pages_ 
the claims, Nos. 



NONE 



0 

[~x] the drawings, sheets/% NONE 



5- Q This opinion has been drawn as if (some of) the amendments had not been made, since they have been considered to go 
beyond the disclosure as filed, as indicated in the Supplemental Box (Rule 70.2(c)). 

* Replacement sheets which have been furnished to the receiving Office in response to an invitation under Article 14 are referred to 
in this opinion as "originally filed". 
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WRITTEN OPINION 



International application No. 
PCT/USOO/01021 



V. Reasoned statement under Rule 66.2(a)(ii) with regard to novelty, inventive step or industrial applicability; 
citations and explanations supporting such statement 



1. statement 

Novelty (N) Claims 2, 5 & 15-22 YES 

Claims 1, 3-4, 6-14 & 23-25 NO 

Inventive Step (IS) Claims NONE YES 

Claims 1^5 NO 

Industrial Applicability (IA) Claims YES 

Claims NONE NO 



2. citations and explanations 

Claims 1, 3-4, 6-14 & 23-25 lack novelty under PCT Article 33(2) as being anticipated by Bednarek, (U.S. Pat U 
5,621,793). 

Considering claims 1 . 24 & 25, the claimed method, apparatus & means for detecting a clone subscriber unit in a communication 
network, comprising the steps of recording transmission characteristics of a signal from an original subscriber uniLthat is 
authorized for the network and measuring a comparable transmission characteristic of a signal from a subscriber unit attempting 
to access services from the instant network; determining whether there is a difference between the measured characteristic & 
the recorded characteristic, such that if there is a difference, that the subscriber unit attempting to access services from the 
network is identified as a clone, reads on the disclosure of Bednarek. (Abstract; col. 1, lines 55-60; col. 2. lines 5-12; col. 3, 
lines 48-51; col. 10. lines 1-15). In particular, Bednarek teaches determining the validity of subscriber unit, based on whether 
the detected time delay of messages from the instant subscriber unit is in accordance with the expected time delay from the 
particular subscriber unit. 

Considering claim 3. the time delay characteristic measured in Bednarek is associated with the physical layer of the 

network. 

Considering claims 4 & 6. Bednarek is applicable to wireless, as well as cable networks, (col. 1, lines 10-30. 
Considering claims 7-10, see Bednarek col. 10, lines 1-15. 

Considering claims 11-14, Bednarek teaches that the detection of the time delay is performed utilizing a clock within 
the subscriber terminal equipment, which may contain a time bias or offset, (col. 10, lines 23-50). Moreover, Bednarek teaches 
utilizing multiple algorithms for confirming the veracity of a detected position of a subscriber terminal equipment, which reads 
on a second resolution of data. 

(Continued on Supplemental Sheet.) 
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WRITTEN OPINION 



International application No. 
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Supplemental Box 

(To be used when the space in any of the preceding boxes is not sufficient) 



Continuation of: Boxes I - VIII Sheet 10 



TIME LIMIT: 

The time limit set for response to a Written Opinion may not be extended. 37 CFR 1.484(d). Any response 
received after the expiration of the time limit set in the Written Opinion will not be considered in preparing the International 
Preliminary Examination Report. 



V. 2. REASONED STATEMENTS - CITATIONS AND EXPLANATIONS (Continued): 
Considering claim 23, see Bednarek col. 10, lines 9-40. 



Claims 2, 5 <& 15-22 lack an inventive step under PCT Article 33(3) as being obvious over Bednarek. 



Considering claim 2, Bednarek teaches that the recording, measuring and determining may be performed at the 
subscriber units, (col. 7, lines 23-35; col. 8, lines 25-30. Official Notice is taken at the time the invention was made, it was 
well known in the art to process complicated algorithms at a central location, remote from a subscriber unit. It would have 
been obvious for one of ordinary skill in the art at the time the invention was made, to modify Bednarek with the well known 
technique of utilizing the processing capacity at the headend, at least for the desirable benefit of avoiding the need f or costly 
processors in subscriber terminal equipment, thereby reducing the cost of such equipment. 

Considering claim 5, even though Bednarek does not discuss the use of cable modems within subscriber terminal 
equipment, Official Notice is taken that such a feature was well known in the art at the time the invention was made. It would 
have been obvious for one of ordinary skill in the art at the time the invention was made, to modify Bednarek with the well 
known technique of utilizing cable modems within a subscriber terminal equipment, at least for the desirable benefit of 
flexibility in the types of transmission formats the instant subscriber terminal equipment is enabled to receive. 

Considering claims 15-22, Official Notice is taken that at the time the invention was made, it was well known in the 
art of remote diagnostic testing, to monitor, measure & detect various operating characteristics of a subscriber's terminal 
equipment, such as its operating channel frequency, operating power level, and power spectrum. It would have been obvious 
for one of ordinary skill in the art at the time the invention was made, to modify Bednarek with the well known technique of 
remote diagnostics, for the desirable advantage of a more accurate & reliable determination of whether or not a particular 
subscriber terminal under test, is in fact a clone, or a valid terminal. 



NEW CITATIONS 

US 5,621,793 A (BEDNAREK, et al) 15 April 1997; Abstract; col. 10, lines 1-45. 

US 4,829,589 A (UEKUSA) 09 May 1989; Abstract. 

US 4,688,249 A (HAYES, et al) 18 August 1987; Abstract. 
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| X| in the demand filed with the International Preliminary Examining Authority on: 
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2. The election | X | was 
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ry Examination Report (Form 


International application No. 
PCT/USOO/01021 


International filing date (day/month/year) 
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Vriority date (day/ month/year) 
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International Patent Classification (IPC) 
IPC(7): H04N 7/167 and US CI.: 725 


or national classification and IPC 
/ 121; 348/12 ; 380/20 


Applicant 
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This international preliminary examination repon uas ueeu ^T^rtWe36 
Examining AnthoriK and is transmitted^ apphcaut ncconhng to Article 36. 

This REPORT consists of a total of sheets. 

• i w amvfyFS i e. sheets of the description, claims amLbr drawings which have 

□ Sa^td^^ 

(s^ Ze 70.16 and Section 007 of the Administrative Instructions under the PCT). 

These annexes consist of a total of — sheets. 

3. This report contains indications relating to the following items: 

I |~^| Basis of the report 

II I 1 Priority 

III Q Non-est.blish.uent of report with regard to novelty, inventive step or industrial applicability 

IV Lack of unitv of invention 

V [Xl basoned statement under Article 300) with ^regard to noveltv, inventive step or industrial applicability; 
l_l citations and explanations supjiorting such statement 

VI | | Certain documents cited 

Vn Q Certain defects in the international application 
Vm □ Certain observations on the international application 
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Authorized officer 
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INTERNATIONAL PRELIMINARY EXAMINATION REPORT 



International application No. 
PO7US00/01021 



I. Basis of the report 



1. With regard to the elements of the international application:* 
| [ the international application as originally filed 

Sthe description: 
1-22 • as originally filed 

NONE , filed with the demand 



pages 

pages NONE , filed with the letter of 



fxl the claims: 

1 — 1 pages 23-28 : . as originally filed 

ges 28 , as amended (together with any statement) under Article 19 

NONE — » f,led with the demand 



pages 

pages NONE , filed with the letter of 



fTl the drawings: 

1 — 1 t-5 , as originally filed 

pages _ . . — ■ 

NONE . filed with the demand 



pages 

pages NONE , filed with the letter of. 



fxl the sequence listing part of the description: 

1 p a g es NONE . . as originally filed 

pages NON E . , filed with the demand 



pages 



NONE , filed with the letter of . 



2 With regard to the language, all the elements marked above were available or furnished to this Authority in the language in which 
the international application was filed, unless otherwise indicated under this item. 

These elements were available or furnished to this Authority in the following language — wnicn IS ' 

[~| the language of a translation furnished for the purposes of international search (under Rule 23.1(b)). 
| | the language of publication of the international application (under Rule 48.3(b)). 

| — | the language of the translation furnished for the purposes of international preliminary examination (under Rules 552 and/ 
or 553). 

3. With regard to any nucleotide and/or amino acid sequence disclosed in the international application, the international 
preliminary examination was carried out on the basis of the sequence listing: 

□ contained in the international application in printed form. 

| | filed together with the international application in computer readable form. 

| | furnished subsequently to this Authority in written form. 

| [ furnished subsequently to this Authority in computer readable form. 

□ The statement that the subsequently furnished written sequence listing does not go beyond the disclosure in the 
international application as filed has been furnished. 
I - ! The statement that the information recorded in computer readable form is identical to the writen sequence listing has 
■ — ' been furnished. 

4 \x\ The amendments have resulted in the cancellation of: 

OD the description, pages NONE _ 

E the claims, Nos. NONE 

[x] the drawings, sheets/fig NONE 



I * * | uiv *' •■■o w ? — 

5. □ This report has been drawn as if (some of) the amendments had not been made, since they have been considered to go 
bevond the disclosure as filed, as indicated in the Supplemental Box (Rule 70.2(c)).** 

* Reolncement sheets which have been furnished to the receiving Office in response to an invitation under A™^}*™"*^*! 
W^^^'^SJ^ fiM" ^nd are not annexed to this report since they do not contain amendments (Rules 70.16 

"AnJrelutcemrnt sheet containine such amendments must be referred to under item 1 and annexed to this report. 
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V. Reasoned statement under Article 35(2) with regard to novelty, inventive step or industrial applicability; 
citations and explanations supporting such statement 



1. statement 

Novelty (N) Claims 2, 5 & 15-gg YES 

Claims l. 3-4, 6-14 & 23-25 NO 

Inventive Step (IS) Claims NONE YES 

Claims iz*5 NO 

Industrial Applicability (IA) Claims YES 

Claims NONE NO 



2. citations and explanations (Rule 70.7) 

Response to Arguments 

Applicant's arguments filed 14 JUNE 2001 have been fully considered, but are not persuasive. 

On page 2 of the response, applicant argues that "the subscriber unit transmits a signal to the detection apparatus. 
Based on this signal, a determination is made (e.g. at the CATV headend...)". Examiner agrees with this statement, however 
it is noted that only claim 2 requires that the "recording, measuring and determining steps occur at the headend". 

Applicant argues further on page 2, that "a transmission characteristic of a signal from an original subscriber unit 
is recorded" is to be interpreted that a subscriber unit(s) transmit the signals from which the 'transmission' characteristics are 
measured". It is agreed that that is one possible meaning of the claim. Nevertheless, examiner asserts that "recording a 
transmission characteristic of a signal from a subscriber unit..", also reads on a transmission characteristic of a signal at a 
subscriber unit, or with respect to a subscriber unit.. The independent claims do not recite that the transmission characteristic 
is of a signal from a subscriber unit, to the headend, or to any other remote device. The independent claims merely recite that 
the transmission characteristics are from a subscriber unit. 

Therefore the claims only require that the transmission characteristic relate to the instant subscriber unit. In 
otherwords, since in Bednarek the measured distance and time delay are transmission characteristics from the instant subscriber 
unit, the reference meets the limitations of the claimed subject matter. Transmission characteristic is broad enough to read 
on the parameters of transmission parameters of the network with respect to a particular subscriber unit. Thus, (Continued 
on Supplemental Sheet.) 
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Continuation of: Boxes I • VIII 
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V. 2. REASONED STATEMENTS - CITATIONS AND EXPLANATIONS (Continued): 
since different subscriber units will use networks, they will have different transmsission parameters. 



It is asserted that claim 2 which recites that the "recording, measuring and determining steps occur at the headend", 
would have been an obvious modification of Bednarek. The instant reference discloses that security of the set top box is a 
problem which may be solved by various tamper-proof algorithms see col. 13 & col. 14. Clearly, one of ordinary skill in the 
art would have also recognized the benefit of employing measuring and determining hardware and software remote from set 
top boxes, at least for the known security feature of avoiding persons local to the set top box with tampering with the instant 
determining means. 



Analysis of Claims 



Claims 1, 3-4, 6-14 & 23-25 lack novelty under PCT Article 33(2) as being anticipated by Bednarek, (U.S. Pat # 
5,621,793). 

Considering claims 1, 24 & 25, the claimed method, apparatus & means for detecting a clone subscriber unit in a 
communication network, comprising the steps of recording transmission characteristics of a signal from an original subscriber 
unit that is authorized for the network and measuring a comparable transmission characteristic of a signal from a subscriber 
unit attempting to access services from the instant network; determining whether there is a difference between the measured 
characteristic & the recorded characteristic, such that if there is a difference, that the subscriber unit attempting to access 
services from the network is identified as a clone, reads on the disclosure of Bednarek, (Abstract; col. 1, lines 55-60; col. 2, 
lines 5-12; col. 3, lines 48-51; col. 10, lines 1-15). In particular, Bednarek teaches determining the validity of subscriber unit, 
based on whether the detected time delay of messages from the instant subscriber unit is in accordance with the expected time 
delay from the particular subscriber unit. 

Considering claim 3, the time delay characteristic measured in Bednarek is associated with the physical layer of the 

network. 

Considering claims 4 & 6, Bednarek is applicable to wireless, as well as cable networks, (col. 1, lines 10-30. 
Considering claims 7-10, see Bednarek col. 10, lines 1-15. 

Considering claims 11-14, Bednarek teaches that the detection of the time delay is performed utilizing a clock within 
the subscriber terminal equipment, which may contain a time bias or offset, (col. 10, lines 23-50). Moreover, Bednarek 
teaches utilizing multiple algorithms for confirming the veracity of a detected position of a subscriber terminal equipment, 
which reads on a second resolution of data. 

Considering claim 23, see Bednarek col. 10, lines 9-40. 



Claims 2, 5 & 15-22 lack an inventive step under PCT Article 33(3) as being obvious over Bednarek. 



Considering claim 2, Bednarek teaches that the recording, measuring and determining may be performed at the 
subscriber units, (col. 7, lines 23-35; col. 8, lines 25-30. Official Notice is taken at the time the invention was made, it was 
well known in the art to process complicated algorithms at a central location, remote from a subscriber unit. It would have 
been obvious for one of ordinary skill in the art at the time the invention was made, to modify Bednarek with the well known 
technique of utilizing the processing capacity at the headend, at least for the desirable benefit of avoiding the need for costly 
processors in subscriber terminal equipment, thereby reducing the cost of such equipment. 
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Considering claim 5, even though Bednarek does not discuss the use of cable modems within subscriber terminal 
equipment. Official Notice is taken that such a feature was well known in the art at the time the invention was made. It would 
have been obvious for one of ordinary skill in the art at the time the invention was made, to modify Bednarek with the well 
known technique of utilizing cable modems within a subscriber terminal equipment, at least for the desirable benefit of 
flexibility in the types of transmission formats the instant subscriber terminal equipment is enabled to receive. 



Considering claims 15-22, Official Notice is taken that at the time the invention was made, it was well known in the 
art of remote diagnostic testing, to monitor, measure & detect various operating characteristics of a subscriber's terminal 
equipment, such as its operating channel frequency, operating power level, and power spectrum. It would have been obvious 
for one of ordinary skill in the art at the time the invention was made, to modify Bednarek with the well known technique of 
remote diagnostics, for the desirable advantage of a more accurate & reliable determination of whether or not a particular 
subscriber terminal under test, is in fact a clone, or a valid terminal. 



Claims 1, 24-25 lack novelty under PCT Article 33(2) as being anticipated by Rangedahl, (U.S. Pat # 5,790,074). 



Considering claims 1, 24 & 25, the claimed method, apparatus & means for detecting a clone subscriber unit in a 
communication network, comprising the steps of recording transmission characteristics of a signal from an original subscriber 
unit that is authorized for the network and measuring a comparable transmission characteristic of a signal from a subscriber 
unit attempting to access services from the instant network; determining whether there is a difference between the measured 
characteristic & the recorded characteristic, such that if there is a difference, that the subscriber unit attempting to access 
services from the network is identified as a clone, reads on the disclosure of Rangedahl which teaches that a user device 10 
transmits an authorization request to a centralized authorization device 20. In Rangedahl, the user device 10 authorization 
request includes the GPS data of the instant user device 10. The authorization device 20 receives the GPS and determines 
whether the received GPS matches the known position of the identified reciver. 



Additional Citation s 

Laurance is also cited since it is relevant to applicant's claims. The system of Laurance discloses the very well 
known technique of authenticating a transmission device as a function of its location, (Fig. 1; col. 5, lines 8-20; col. 13, lines 
14-21). The location of the device, i.e distance from the centralized authorization device, reads on the claimed transmisssion 
characteristics. Likewise, MacDoran teaches determining the location of a receiver device in order to avoid spoofing. 
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DETECTION OF DUPLICATE PARTICIPANTS IN A TWO-WAY MODEM 

ENVIRONMENT 



BACKGROUND OF THE INVENTION 

This application claims the benefit of U.S. 
5 Provisional Application No. 60/116,731, filed January 

22, 1999. 

The following acronyms are used: 
CM - Cable Modem; 

CMTS - Cable Modem Termination System; 
10 CPE - Customer Premises Equipment; 

HFC - Hybrid Fiber/Coax ; 
ID - Identifier; 
IP - Internet Protocol; and 
MAC - Medium Access Control . 
15 The present invention relates to subscriber 

networks, such as HFC cable television networks, and 
more particularly to controlling access to services 
provided over the network. The invention is 
particularly suitable for use with networks with 
20 subscriber terminals/set- top boxes that use two-way 

modems, such as CMs, that are connected to the network. 

Such modems are increasingly being used to allow 
network users to send and receive data, such as from 
the Internet data, at relatively high speeds. The 
25 modems may also provide telephony capabilities. The 

invention also is useful generally for terminals that 
have any upstream signaling capability via the network, 
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e.g., to a network headend. 

It is important for a network operator to control 
access to services that are delivered via the network. 
However, there is a tradeoff between the level and cost 
5 of security distributed throughout any communications 

network. The extremes of this tradeoff are: 

(a) place all of the security within the CPE (such 
as in a user's home), in which case, for example, only 
physical security associated with encryption keys is 

10 provided; and 

(b) place all of the security in the network, 
e.g., implement network security protocols that rely on 
the trust associated with the absolute identity, in 
this case physical location, of the distributed 

15 elements of the network. 

For the latter case, if duplicate CPE could be 
identified with absolute certainty, security protocols 
and procedures can be implemented that relied on this 
trust. For purposes of this disclosure, the terms 

20 "consumer premises equipment", "subscriber unit", 

"terminal", "set-top box", "cable modem" and the like 
are used interchangeably. 

Unauthorized persons ("pirates" or "attackers") 
have been successful in gaining access to networks 

25 using various attack techniques. One possible attack 

on a network of the type described above is to move the 
permanent identity of a first subscriber unit (e.g., a 
CM or other CPE) , for which a subscriber has paid for 
the services provided by the network, to a second 

30 "clone" subscriber unit in the network. The first 
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subscriber unit is known as the "clone master." This 
cloning can be performed if the security information or 
unit ID of the first subscriber unit is not protected 
from theft. Such cloning allows a single individual to 
5 purchase programming or other data services 

legitimately from the network, and then sell to others 
for a profit, without authorization, the ability (along 
with possibly modified terminals) to access the 
services . 

10 An alternative motivation is the theft of the 

identity of a unit, then selling that identity to 
persons wishing to illegally use other network services 
and not pay. For example, current networks users who 
pay for a basic level of services can obtain enhanced 

15 services without paying. The network operator can 

incur significant revenue losses if the identity of the 
compromised unit were used, for example, to access long 
distance telephone services or gain free unlimited 
Internet access, e.g., via a CM. 

20 To remain undetected in the network, the cloned 

unit must possess all of the characteristics of the 
clone master. If the clone is identical to the clone 
master, the clone will merely use the bandwidth and ID 
of the clone master. Moreover, if a clone unit has 

25 multiple (N) clone IDs, any of these identities can be 

used to gain access to the network. A concentration 
ratio of N:l allows the cloned units to operate in the 
network with little chance of collision, if N is large 
enough . 

The cloned units can continue to operate 



30 
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undetected if the network operator (e.g., the CMTS and 
associated servers operated by or for the service 
provider) does not detect any noticeable anomalies in 
the network's traffic, such as multiple IP addresses, 
5 increased traffic flows, etc. Additionally, the clones 

can continue to operate undetected even though the 
network operator verifies the identity of the unit that 
sends an upstream message. This is achieved because 
the verification of an ID of the subscriber unit (e.g., 

10 a CM or other CPE) is performed before the modem is 

registered with the network. The ID may specify a 
manufacturer's serial number, IEEE MAC address, and so 
forth. However, there is no practical method for any 
network operator to associate this address to a 

15 specific modem prior to modem registration. 

A cloned network element will remain undetected as 
long as there are no discernable differences between 
any of the master and cloned units, and they operate 
within the network in a logical and physically possible 

2 0 manner. 

For example, one method for detecting cloned 
analog cell phones is to identify telephone calls that 
originate from physically distant parts of the network 
within a short time window. However, such methods of 

25 clone detection are marginally effective at identifying 

cloned phones since unauthorized calls within the same 
general vicinity (e.g., same city) as unauthorized 
calls cannot be flagged. Additionally, data indicating 
the location, such as which network cell is used, must 

30 be communicated upstream to a central processing 
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facility. Moreover, this technique is not easily used 
in a subscriber network such as an HFC cable television 
network since there is no provision to identify the 
network path (e.g., branch or hub) that is traveled by 
an upstream message from a clone terminal. 

Accordingly, it would be advantageous to provide a 
reliable system for detecting cloned units, such as 
CMs, in a network. The system should be implementable 
with relatively low cost and complexity, and without 
significant disruptions in service. The system should 
recognize and take advantage of the fact that systems 
which support CM service or telephony service (e.g., 
HFC cable television and the like) allow several unique 
aspects of the physical layer to be exploited, such 
that subscriber units (e.g., modems) can be uniquely 
identified even if the unique ID can be cloned into 
other units . 

The system should be compatible with the "Data 
Over Cable Service Interface Specification RF 
Interface" (DOCSIS RFI) standard. 

The present invention provides a system having the 
above and other advantages . 
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SUMMARY OF THE INVENTION 



10 



15 



20 



The present invention provides for the detection 
of duplicate participants in a network having a 
terminal population with two-way communication 
capabilities by analyzing transmission differences in 
the physical layer of the network. 

The physical layer is concerned with transmitting 
raw bits over a communication channel. Examples of 
physical layer attributes that can be used in 
accordance with the invention to identify a subscriber 
unit are unit timing offset, unit frequency offset, 
unit power offset, and unit spectral characteristics. 

The pirate unit can continue to operate as a clone 
of a clone master in the network if it remains 
undetected. The invention determines that a cloned ID 
is being used by detecting differences in any 
detectable characteristics of the cloned subscriber 
unit that distinguish it from other cloned subscriber 
units (of the same ID) or from the cloned master. 

Since the cloned units 1 transmissions do not all 
take the same upstream path in the network to the CMTS , 
differences in these paths present an opportunity for 
detecting piracy by uniquely identifying units that 
attempt to appear identical to the CMTS and the 
network. Thus, differences in the return path can be 
used in accordance with the invention to "tag" each 
unit uniquely. This approach not only relies on the 
assumed differences in path length, but it also relies 
on each of the clone modems not knowing the exact 
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details of the corrections (adjustments) sent to the 
clone master. 

A particular method for detecting a clone 
subscriber unit in a communication network, includes 
5 the step of recording a transmission characteristic of 

an original subscriber unit authorized for use in the 
network. The recorded transmission characteristic is 
compared to a comparable transmission characteristic of 
a subscriber unit on the network alleging to be the 

10 original subscriber unit. For example, the alleging 

unit may have the same ID in its upstream messages as 
the authorized unit. A difference between the compared 
transmission characteristics indicates that the 
alleging subscriber unit is a clone subscriber unit. 

15 The observed transmission characteristic may- 

include: (1) propagation time, (2) frequency, (3) 
power, and (4) spectral characteristics. For 
propagation time, an enhancement involves providing 
data for adjusting the assigned transmit time a 

20 subscriber unit at a lower resolution than the 

resolution at which the offset is initially determined. 
In this manner, even if the clone subscriber unit 
intercepts the offset and attempts to adjust its own 
transmit time accordingly, the CMTS can still detect 

25 when the transmit time offset is out of the expected 

range . 

The enhancement can be extended to the other 
characteristics . 

A corresponding apparatus is also presented. 
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BRIEF DESCRIPTION OF THE DRAWINGS 



10 



15 



FIG. 1 is a block diagram of an HFC network 
embodying the present invention. 

FIG. 2 illustrates a headend, authorized customer 
premises equipment (CPE), and clone CPE in a subscriber 
network in accordance with the present invention. 

FIG. 3(a) illustrates the calculation of a signal 
propagation time before ranging in accordance with the 
present invention . 

FIG. 3(b) illustrates a ranging region in 
accordance with the present invention. 

FIG. 3(c) illustrates assigned upstream 
transmission slots after ranging in accordance with the 
present invention . 

FIG. 3 (d) illustrates an uncertainty region for 
signal propagation time in accordance with the present 
invention . 

FIG. 4 illustrates measurement of the power 
spectrum of a received upstream signal at a headend in 
accordance with the present invention. 
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DETAILED DESCRIPTION OF THE INVENTION 

FIG. 1 illustrates, in block diagram form, an HFC 
cable television plant in which the invention can be 
implemented. Although an HFC cable television plant is 
5 illustrated for purposes of the present disclosure, it 

should be appreciated that the invention can be used in 
other network types where the possibility of cloned CPE 
is a concern. A transmitter and receiver located at a 
cable headend 10 (i.e., service provider equipment such 

10 as a CMTS) measure one or more transmission 

characteristics of subscriber units 14, 16, 18 (CPE) 
that communicate with the headend via the network 12. 
Any number of subscriber units can be provided, up to 
the network capacity, and each can be monitored by the 

15 headend. 

FIG. 2 illustrates a headend 200, authorized 
customer premises equipment (CPE) 276, and clone CPE 
274 in a subscriber network. The cable headend 200 
includes a control 212, clock 215, database 210, 

20 transmitter 220, receiver 230, and a programming 

services function 255. The programming services 
function 255 may provide television programs on the 
network, for example. The receiver 230 is associated 
with a time offset function 235, a frequency offset 

25 function 240, a power offset function 245, and a 

spectral characteristics offset function 250. The 
control 212 provides overall management of the 
functions at the headend 200 . 

The transmitter 220 transmits data via a hub 260, 
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a network link 265, and example hubs 270 and 272 to an 
authorized CPE (i.e., a master unit). The transmitter 
transmits data via the example hubs 270 to an example 
clone CPE 274. Any number of clone units may be 
5 present in a network. 

The clone CPE 2 74 includes a control 2 82, a 
transmitter 284, and a receiver 288. The transmitter 
284 further includes a clock 285, an identifier (ID) 
function 286, and a filter with filter coefficients 

10 287. Similarly, the authorized CPE 276 includes a 

control 290, a transmitter 292 (with a clock 294, an ID 
function 296, and a filter with filter coefficients 
296), and a receiver 299. 

Each of the CPE units 274, 276 can send upstream 

15 signals to, and receive signals from, the headend (or 

CMTS) 2 00. For example, if the units are CMs, the 
upstream signals can be for accessing the Internet, 
general IP-based media services or placing telephone 
calls. Commonly, a television, PC or other output 

20 devices are associated with each CPE unit. The data 

transmitted to the units 274, 276 includes data related 
to the service being used, along with data from the 
headend 200 for assigning time slots for the units to 
transmit upstream according to their respective 

25 bandwidth needs. 

In accordance with the invention, transmission 
characteristics of the upstream signals are measured by 
the headend 200 to detect clones. These 
characteristics can include one or more of: (1) 

30 propagation time, (2) frequency, (3) power, and (4) 
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spectral characteristics. Each of these is described 
in greater detail below. 

1. In a first clone detection technique, 
propagation/receive time of upstream signals from the 
5 units is measured. 

Generally, the ability to physically locate a 
subscriber unit within a network is a key factor in 
eliminating a timing offset attack. If the pirate can 
spoof the system into believing that the CPE is located 

10 in another physical location in the network, there is 

very little the network operator can do to locate the 
clone or pirate unit. This is especially true if the 
pirate unit is transmitting from a virtual location in 
the network that, to the headend, appears to be the 

15 same location as the legitimate modem. 

The "Data Over Cable Service Interface 
Specification RF Interface" (DOCSIS RFI) specification 
available at www . cablemodem . com defines a network wide 
timestamp that is broadcast to all units which are part 

20 of the network domain. For this discussion a "domain" 

and a "CMTS broadcasting on a single downstream 
channel" are considered to be the same. The DOCSIS 
specification defines a periodically- transmitted 
message that contains a 32-bit timestamp. The least 

25 significant bit (LSB) of this timestamp is in units of 

6.25 ^sec/64 and is based upon a 10.24 MHz clock. The 
CPE modem uses this timestamp to: 1) synchronize an 
internal reference clock, and 2) define an exact (to 
within some small guard time) time to transmit on the 
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upstream channel . 

Since all of the subscriber units (e.g., 274 and 
276) in the network are not the same distance from the 
receiver 230 in the CMTS 200, the burst arrival times 
5 of the individual subscriber units are normalized to 

make all of the modems appear the same virtual distance 
from the headend. The DOCSIS system achieves this by a 
process called "ranging." 

FIG. 3(a) illustrates the calculation of a signal 

10 propagation time before ranging in accordance with the 

present invention. A time offset tl (300) from a first 
cable modem, CM1 , is the measured propagation time for 
a signal to travel from CM1 to the CMTS, and 
corresponds to the physical propagation distance. 

15 Similarly, a time offset t2 (310) from a second cable 

modem, CM2 , is the measured propagation time for a 
signal to travel from CM2 to the CMTS . 

FIG. 3(b) illustrates a ranging region in 
accordance with the present invention. Here, a ranging 

20 region 320 is defined for all of the CMs in the 

network, from the CM that is closest to the CMTS, to 
the CM that is farthest from the CMTS. Additionally, 
the CM1 has a time offset 302 for transmitting messages 
at tl ±&tl, where ^tl is an uncertainty due to the 

25 clock rate used at the headend. Similarly, CM2 has a 

time offset 312 for transmitting messages at t2 ±At2, 
where &t2 is the corresponding uncertainty. 

Referring also to FIG. 2, the ranging region 320 
defined within the upstream bandwidth assignment is 

30 wide enough to accommodate the closest and farthest CPE 
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from the CMTS receiver 230. The CMTS receiver 230 
measures the arrival time of the ranging burst (the 
burst defined to occur within this region) , and 
determines the propagation time based on a difference 
5 between the local time, as determined by the clock 215, 

and an assigned upstream transmission time based on the 
clocks 285, 294. Clocks 285, 294 are synchronized to 
clock 215 via the system timestamp. The time offset is 
determined by a time offset function 235. The 
10 differences are then sent as a timing offset to the 

CPEs 274, 276 in a ranging response message and used as 
adjustment factors for the modem upstream transmission 
times . 

The effect of this process is that all of the 

15 subscriber units appear to be the same virtual distance 

from the CMTS receiver. They actually look like they 
are at a zero physical distance from the CMTS upstream 
receiver, since the time indicated by the corrected 
time stamp matches the local time at the CMTS 200. 

20 Thus, the CMTS receiver knows the absolute propagation 

time and transmission path length of every CPE on the 
network within that domain. The resolution of this 
measurement (worst case) is approximately 100 feet, 
assuming a 10.24 MHz sampling clock at the CMTS 

25 receiver and using the propagation constant of 

electromagnetic radiation in free space (i.e., 3xlO e 
m/sec / 10.24x10* Hz / 0.3048 m/ft = 95.8 ft). 

The propagation constants for coax cable and 
optical fiber are approximately 88% and 69%, 

30 respectively, of that for free space. The ratio of 
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coax to fiber is generally known by the plant manager, 
but will vary greatly in different networks. Since it 
is not feasible to determine the exact ratio of coax to 
fiber in any single plant, the free space propagation 
5 constant can be used as the worst case. In addition, 

if the sampling rate is doubled (20.48 MHz), a worst 
case resolution of approximately 50 feet is achieved. 
Other changes in the sampling rate will affect the 
resolution accordingly . 

10 FIG . 3(c) illustrates assigned upstream 

transmission slots after ranging in accordance with the 
present invention. The assigned upstream transmission 
slots 330 show CM1 and CM 2 transmitting at the assigned 
times, 304 and 314, respectively, with the associated 

15 uncertainties. 

FIG. 3(d) illustrates an uncertainty region for 
signal propagation time in accordance with the present 
invention. The uncertainty region 3 50 accounts for the 
uncertainties of all subscriber units (CMs) in the 

20 network, which can amount to hundreds or thousands of 

units . The uncertainty region width represents the 
worst case uncertainty based on the measurement 
resolution of the burst in the headend and the value of 
the LSB in the ranging offset sent to the CMs. 

25 The CM1 burst 3 06 and CM 2 burst 316 are shown as 

being offset from the expected receive time 340 by the 
corresponding uncertainties 

The ability to determine the subscriber unit 
distance from a known location such as a headend, and 

30 the resolution of this determination, depends primarily 
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on the implementation of the service provider's return 
path receiver 230 that receives communications back 
from the subscriber units. 

Thus, in accordance with the invention, a clone 
subscriber unit can be detected by measuring the 
propagation time of each upstream message having a 
given unit ID. 

If the network operator determines that two 
different propagation times are detected from the 
receipt of upstream transmissions with the same ID, it 
can be concluded that at least one of the units is a 
clone. The operator can then take appropriate steps, 
such as terminating the account of any unit using that 
ID. 

Accordingly, the invention allows the network 
operator to determine that multiple subscriber units 
having the same identity are present in the network. 
It is also possible to detect the movement of a single 
subscriber unit within the network. 

With respect to propagation time differences, as 
mentioned above, the CMTS (or a comparable service 
provider apparatus) normalizes all of the subscriber 
units to appear as if they were at a zero distance from 
the CMTS even though they are physically located at 
different distances from the CMTS . 

However, the above method of intrusion detection 
may conceivably be defeated if one could spoof the 
system into believing that client (subscriber) units 
located at different distances from the CMTS receiver 
were really located at the same distance from the CMTS 



WO 00/44174 



% 

PCT/US00/01021 



16 



receiver. In this case, the time offset check at the 
CMTS would no longer reveal cloned units. For example, 
assume CM1 is the clone master which has a valid 
network subscription, and CM2 is a clone of that modem. 
5 Note that there is additional out-of-band coordination 

required between clone master CMs and cloned CMs for 
DOCSIS transmission assignments and power control. 

A clone first performs ranging as described in the 
previous section. However, the clone does not use its 

10 own MAC address during the initial ranging process. 

Instead, it uses a MAC address of some other valid CM, 
or possibly even some random MAC address, if the CMTS 
will accept it. 

After this initial ranging, the clone will know 

15 its time offset from the CMTS , i.e., t2 . The intrusion 

detection technique described earlier will not catch 
this clone, because it is not using its MAC address. 
In fact, if the clone uses a MAC address of another 
valid CM, an attempt at the intrusion detection could 

20 result in de-authorization of a valid CM, i.e., a 

denial of service attack. 

After this initial ranging, the clone ranges again 
with the cloned MAC address. The steps are as follows: 

1) CM 2 (the cable modem clone) performs initial 
25 ranging using a random but valid MAC address to obtain 

its ranging offset, t2 , from the CMTS (as illustrated 
earlier) . 

2) CM2 , which has the identity (including the MAC 
address) of the clone master, listens for the clone 

30 master initial ranging information. Based on detecting 
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("snooping") the initial ranging response from the CMTS 
to the clone master (or through some out-of-band 
method), CM 2 now knows the value of tl. 

3) CM 2 then calculates the difference between its 
5 time offset (t2) and the clone master 1 s time offset 

(tl) . 

4) CM 2 can now perform subsequent initial ranging 
using the clone master ID and appear to the CMTS as if 
it was at the same location as CMl (the clone master) . 

10 CM2 can do this by sending a ranging request t2-tl 

seconds earlier than it is supposed to. 

5) CM 2 can now monitor ("sniff") the downstream 
to note any use of CMl (or through out-of-band methods) 
and, if clear, CM 2 can request upstream transmission 

15 slots using CMl 1 s identity. 

6) The headend sees the transmission in the 
correct assignment with the correct time offset and 
cannot tell the difference without more a sophisticated 
transmission arrival time detection scheme. 

20 An advantage of this method for the attacker is 

that the CMTS only sees one transient ranging request 
with an ID that is not subscribed. All subsequent 
initial ranging will be performed by one of the cloned 
modems that are using the clone master's identity. 

25 The intrusion detection techniques described 

herein can be enhanced to detect these more 
sophisticated attacks by increasing the frequency of 
the sampling clock at the CMTS (or other comparable 
service provider apparatus) such that a resolution of 

30 greater than, e.g., 100 feet is obtained. This provide 
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additional ranging resolution, which may allow 
additional cloned units to be detected. 

Another enhancement is to decrease the number of 
bits sent to each CPE in the ranging response time 
5 offset message, but continue to measure with the 

current resolution. If, for example, the granularity 
of the LSB is increased (e.g., by truncating the last 
three LSBs) the measuring resolution increases to 800 
feet. The sampling frequency remains the same so the 

10 measurement resolution is still 100 feet. This 

technique has the effect of increasing the uncertainty 
of the transmission time, based upon the physical 
location of the modem from the cable headend CMTS and, 
therefore, the likelihood that duplicate CMs can be 

15 detected. This method has the disadvantage that 

bandwidth is sacrificed. 

Alternatively, these same LSBs could be randomized 
and sent to each of the cloned modems . This has the 
additional advantage of not providing any indication to 

20 the attackers that any intrusion techniques are 

enabled. The uncertainty of these measurements is 
shown in FIG. 3(d) . 

2. In a second clone detection technique, 
frequency differences in the upstream signals from the 
25 subscriber units are used to distinguish cloned CPE 

units. In particular, each CPE 274, 276, transmits on 
an assigned center frequency. The service provider 
(e.g., CMTS 200) receives the transmitted signal by 
matching this signal's frequency and extracting the 
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information contained in the signal. Differences in 
the exact received frequency can be measured by the 
frequency detector 240 at the CMTS 200 or other service 
provider equipment to detecting duplicate units. 

Optionally, adjustment data can be provided to the 
original subscriber unit to change its center 
frequency . 

3. In a third clone detection technique, power 
differences in the upstream signals from the subscriber 
units are used to distinguish clone units. Each CPE 
274, 276 transmits at an assigned power level. The 
CMTS 2 00 (or other service provider apparatus) sends 
commands to each CPE to set the power level to use for 
the unit's upstream transmissions. However, the power 
of the signal from each unit is attenuated by different 
amounts as the signals travel upstream in the network, 
so the measured level at the CMTS 200 will be less than 
the designated transmission levels. These decreases 
are a result of the differences in attenuation of the 
signal as the signal from each CPE traverses a 
different path, or part of the upstream spectrum back 
to the CMTS 2 00. 

The power detector 245 at the CMTS 200 monitors 
each transmitted burst (upstream signal) and measures 
the power to determine a baseline expected power level 
for each unit ID. Thus, a clone unit can be identified 
when the measured power for a given ID does not match 
the expected level. 

Optionally, adjustment data can be provided to the 



• 

WO 00/44174 



PCT7US00/0102J 



20 



original subscriber unit to change its signal's power. 

4. In a fourth clone detection technique, 
differences in the spectral characteristics of the 
upstream signals from the subscriber units are used to 
5 distinguish clone units: Each unit transmits through a 

unique path over the cable plant back to the service 
provider. The paths may cause changes in the spectral 
characteristics of received upstream signals . 

Each burst (upstream signal) received by the CMTS 

10 200 contains a preamble such that a demodulator 

(spectral characteristics detector 250) at the CMTS 200 
can "train" for a period of time before the actual 
start of the data. During this training period, the 
demodulator determines the spectral characteristics of 

15 the burst and attempts to equalize the burst for 

optimal reception. A set of unique equalization 
(filter) coefficients are derived as result of the 
preamble spectral analysis and sent to each CM. These 
coefficients can also be stored in the database 210 and 

20 used to uniquely define each individual unit on the 

assumption that each of these units traversed a 
physically different path. 

FIG. 4 illustrates measurement of the signal power 
spectrum of a received upstream signal at a headend. 

25 Using known frequency domain processing techniques, the 

power spectrum of a received signal might be measured 
as shown at 400 during the training period. The 
measured spectrum can be normalized to a baseline 
spectrum 420 using the equalization coefficients. Any 
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significant deviation from the baseline 420 after the 
training period is an indication of a clone unit. 

It should now be appreciated that the present 
invention provides techniques for locating duplicate 
5 participants (e.g., cloned subscriber units) in a 

communication network, such as an HFC cable television 
network or the like, by monitoring the physical layer 
of the network to detect transmission differences 
between such units. If such transmission differences 
10 are found from units that use a common ID, it is 

evident that a cloned unit is in use. 

The measured characteristics can include one or 
more of: (1) propagation time, (2) frequency, (3) 
power, and (4) spectral characteristics. Moreover, a 
15 combination of characteristics can be used to provide a 

greater certainty that a clone exists. 

Furthermore, it is not necessary to monitor each 
characteristic for every upstream signal. For example, 
only one or two characteristics need be measured. 
20 Propagation time and spectral characteristics are 

believed to be particularly effective in detecting 
clones. If a discrepancy is detected for a unit ID, 
the ID may be flagged as a possible clone, and other 
characteristics may be measured to provide a more 
25 concrete determination. 

Moreover, selected unit IDs may be measured if 
they are suspect for some reason, such as unusually 
high traffic from that ID. 

Random or sequential measuring of the units may 
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also be implemented. 

Moreover, the invention is not limited to use with 
cable modems, but may be used in any network where it 
is possible to measure the characteristics disclosed 
5 herein, and to relate any discrepancy to a particular 

unit ID. 

Although the invention has been described in 
connection with various specific embodiments, those 
skilled in the art will appreciate that numerous 
10 adaptations and modifications may be made thereto 

without departing from the spirit and scope of the 
invention as set forth in the claims. 
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What is claimed is: 



1 . 



A method for detecting a clone subscriber 



unit in a communication network, comprising the steps 
of : 

recording a transmission characteristic of a 
signal from an original subscriber unit that is 
authorized for use in said network; 

measuring a comparable transmission characteristic 
of a signal from a subscriber unit on said network 
alleging to be said original subscriber unit; and 

determining whether there is a difference between 
the measured transmission characteristic and the 
recorded transmission characteristic ; 

wherein any such difference is indicative that the 
alleging subscriber unit is a clone subscriber unit. 

2. The method of claim 1, wherein: 

said recording, measuring and determining steps 
occur at a headend of the network. 

3. The method of claim 1, wherein: 

the measured transmission characteristic is 
associated with a physical layer of said network. 



4. The method of claim 1, wherein: 
said network is a hybrid fiber/coax cable 
television network . 
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5. The method of claim 4, wherein: 

said original and alleging subscriber units are 
cable modems . 

6. The method of claim 4, wherein: 

said original and alleging subscriber units 
comprise hybrid fiber/coax consumer premises equipment. 

7. The method of claim 1, wherein: 

the recorded transmission characteristic comprises 
at least one of a propagation time and a propagation 
time offset for the signal of the original subscriber 
unit . 

8. The method of claim 7, wherein: 

the propagation time offset is determined by 
comparing an assigned propagation time of the signal of 
the original subscriber unit to a receive time thereof. 

9. The method of claim 7, comprising the further 
steps of : 

providing adjustment data to adjust the 
propagation time offset to a desired value; and 

communicating the adjustment data to any 
subscriber unit in the network that uses an identifier 
associated with the original subscriber unit for use in 
adjusting a propagation time offset thereof. 
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10. The method of claim 9, wherein: 

the adjustment data is provided by a headend of 
the network. 

11. The method of claim 9, comprising the further 
steps of : 

determining the propagation time offset by 
sampling the signal of the original subscriber unit 
using a clock having a clock rate corresponding to a 
first resolution/ and 

providing the adjustment data at a second, coarser 
resolution . 

12. The method of claim 11, wherein: 

the clock rate is increased from a nominal level 
corresponding to^ said second resolution for recovering 
upstream transmissions from subscriber units in the 
network, to a higher level to achieve the first 
resolution for determining the propagation time offset. 

13. The method of claim 11, wherein: 

the clock rate operates at the first resolution 
for initially providing the adjustment data; and 

the adjustment data is provided at the second 
resolution by omitting at least one least significant 
bit thereof . 

14. The method of claim 11, wherein: 

the clock rate operates at the first resolution 
for initially providing the adjustment data; and 
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the adjustment data is provided at the second 
resolution by randomizing at least one least 
significant bit thereof . 

15. The method of claim 1, wherein: 

the recorded transmission characteristic comprises 
at least one of a frequency and a frequency offset. 

16. The method of claim 15, comprising the 
further steps of: 

providing adjustment data to adjust the frequency 
offset to a desired value; and 

communicating the adjustment data to any 
subscriber unit in the network that uses an identifier 
associated with the original subscriber unit for use in 
adjusting a frequency thereof. 

17. The method of claim 1, wherein: 

the recorded transmission characteristic comprises 
at least one of a power and a power offset. 

18. The method of claim 17, comprising the 
further steps of: 

providing adjustment data to adjust the power 
offset to a desired value; and 

communicating the adjustment data to any 
subscriber unit in the network that uses an identifier 
associated with the original subscriber unit for use in 
adjusting a power thereof. 
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19. The method of claim l, wherein: 

the recorded transmission characteristic comprises 
a spectral characteristic. 

20. The method of claim 19, wherein: 

the spectral characteristic comprises at least one 
of a power spectrum and a power spectrum offset. 



21. The method of claim 20, comprising the 
further steps of: 

providing adjustment data to adjust the power 
spectrum offset to a desired value; and 

communicating the adjustment data to any 
subscriber unit in the network that uses an identifier 
associated with the original subscriber unit for use in 
adjusting a power spectrum thereof. 

22. The method of claim 21, wherein: 

the adjustment data comprises filter coefficient 

data . 



23. The method of claim 1, wherein: 

the recorded transmission characteristic is 

obtained from a measurement of the signal of the 

original subscriber unit. 



24. An apparatus for detecting a clone subscriber 
unit in a communication network, comprising: 

means for recording a transmission characteristic 
of a signal from an original subscriber unit that is 
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authorized for use in said network; 

means for measuring a comparable transmission 
characteristic of a signal from a subscriber unit on 
said network alleging to be said original subscriber 
unit; and 

means determining whether there is a difference 
between the measured transmission characteristic and 
the recorded transmission characteristic;; 

wherein any such difference is indicative that the 
alleging subscriber unit is a clone subscriber unit. 

25. An apparatus for detecting a clone subscriber 
unit in a communication network, comprising: 

means for recording a transmission characteristic 
of an original subscriber unit authorized for use in 
said network; and 

means for comparing said recorded transmission 
characteristic to a comparable transmission 
characteristic of a subscriber unit on said network 
alleging to be said original subscriber unit; 

wherein a difference between the compared 
transmission characteristics is indicative that the 
alleging subscriber unit is a clone subscriber unit. 
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